npm - @draftlab/auth - Versions diffs - 0.15.0 → 0.16.0 - Mend

@draftlab/auth 0.15.0 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (272) hide show

package/dist/esm/allow.js +26 -0
package/dist/esm/client.js +254 -0
package/dist/esm/core.js +597 -0
package/dist/esm/css.d.js +0 -0
package/dist/esm/error.js +88 -0
package/dist/esm/index.js +5 -0
package/dist/esm/keys.js +126 -0
package/dist/esm/mutex.js +53 -0
package/dist/esm/pkce.js +87 -0
package/dist/esm/provider/apple.js +15 -0
package/dist/esm/provider/code.js +62 -0
package/dist/esm/provider/discord.js +15 -0
package/dist/esm/provider/facebook.js +15 -0
package/dist/esm/provider/github.js +15 -0
package/dist/esm/provider/gitlab.js +15 -0
package/dist/esm/provider/google.js +16 -0
package/dist/esm/provider/linkedin.js +15 -0
package/dist/esm/provider/magiclink.js +83 -0
package/dist/esm/provider/microsoft.js +15 -0
package/dist/esm/provider/oauth2.js +130 -0
package/dist/esm/provider/password.js +331 -0
package/dist/esm/provider/provider.js +18 -0
package/dist/esm/provider/reddit.js +15 -0
package/dist/esm/provider/slack.js +15 -0
package/dist/esm/provider/spotify.js +15 -0
package/dist/esm/provider/twitch.js +15 -0
package/dist/esm/provider/vercel.js +17 -0
package/dist/esm/random.js +40 -0
package/dist/esm/revocation.js +27 -0
package/dist/esm/storage/memory.js +110 -0
package/dist/esm/storage/storage.js +56 -0
package/dist/esm/storage/turso.js +93 -0
package/dist/esm/storage/unstorage.js +78 -0
package/dist/esm/subject.js +7 -0
package/dist/esm/themes/theme.js +115 -0
package/dist/esm/toolkit/client.js +119 -0
package/dist/esm/toolkit/index.js +25 -0
package/dist/esm/toolkit/providers/facebook.js +11 -0
package/dist/esm/toolkit/providers/github.js +11 -0
package/dist/esm/toolkit/providers/google.js +11 -0
package/dist/esm/toolkit/providers/strategy.js +0 -0
package/dist/esm/toolkit/storage.js +81 -0
package/dist/esm/toolkit/utils.js +18 -0
package/dist/esm/types.js +0 -0
package/dist/esm/ui/base.js +478 -0
package/dist/esm/ui/code.js +186 -0
package/dist/esm/ui/form.js +46 -0
package/dist/esm/ui/icon.js +242 -0
package/dist/esm/ui/magiclink.js +158 -0
package/dist/esm/ui/password.js +435 -0
package/dist/esm/ui/select.js +102 -0
package/dist/esm/util.js +59 -0
package/dist/{allow.d.mts → types/allow.d.ts} +9 -11
package/dist/types/allow.d.ts.map +1 -0
package/dist/types/client.d.ts +462 -0
package/dist/types/client.d.ts.map +1 -0
package/dist/types/core.d.ts +113 -0
package/dist/types/core.d.ts.map +1 -0
package/dist/{error.d.mts → types/error.d.ts} +95 -97
package/dist/types/error.d.ts.map +1 -0
package/dist/types/index.d.ts +2 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/{keys.d.mts → types/keys.d.ts} +20 -24
package/dist/types/keys.d.ts.map +1 -0
package/dist/types/mutex.d.ts +42 -0
package/dist/types/mutex.d.ts.map +1 -0
package/dist/{pkce.d.mts → types/pkce.d.ts} +10 -11
package/dist/types/pkce.d.ts.map +1 -0
package/dist/types/provider/apple.d.ts +197 -0
package/dist/types/provider/apple.d.ts.map +1 -0
package/dist/types/provider/code.d.ts +288 -0
package/dist/types/provider/code.d.ts.map +1 -0
package/dist/types/provider/discord.d.ts +206 -0
package/dist/types/provider/discord.d.ts.map +1 -0
package/dist/types/provider/facebook.d.ts +200 -0
package/dist/types/provider/facebook.d.ts.map +1 -0
package/dist/types/provider/github.d.ts +220 -0
package/dist/types/provider/github.d.ts.map +1 -0
package/dist/types/provider/gitlab.d.ts +180 -0
package/dist/types/provider/gitlab.d.ts.map +1 -0
package/dist/types/provider/google.d.ts +158 -0
package/dist/types/provider/google.d.ts.map +1 -0
package/dist/types/provider/linkedin.d.ts +190 -0
package/dist/types/provider/linkedin.d.ts.map +1 -0
package/dist/types/provider/magiclink.d.ts +141 -0
package/dist/types/provider/magiclink.d.ts.map +1 -0
package/dist/types/provider/microsoft.d.ts +247 -0
package/dist/types/provider/microsoft.d.ts.map +1 -0
package/dist/types/provider/oauth2.d.ts +229 -0
package/dist/types/provider/oauth2.d.ts.map +1 -0
package/dist/types/provider/password.d.ts +408 -0
package/dist/types/provider/password.d.ts.map +1 -0
package/dist/types/provider/provider.d.ts +226 -0
package/dist/types/provider/provider.d.ts.map +1 -0
package/dist/types/provider/reddit.d.ts +159 -0
package/dist/types/provider/reddit.d.ts.map +1 -0
package/dist/types/provider/slack.d.ts +171 -0
package/dist/types/provider/slack.d.ts.map +1 -0
package/dist/types/provider/spotify.d.ts +168 -0
package/dist/types/provider/spotify.d.ts.map +1 -0
package/dist/types/provider/twitch.d.ts +163 -0
package/dist/types/provider/twitch.d.ts.map +1 -0
package/dist/types/provider/vercel.d.ts +294 -0
package/dist/types/provider/vercel.d.ts.map +1 -0
package/dist/{random.d.mts → types/random.d.ts} +4 -6
package/dist/types/random.d.ts.map +1 -0
package/dist/types/revocation.d.ts +76 -0
package/dist/types/revocation.d.ts.map +1 -0
package/dist/{storage/memory.d.mts → types/storage/memory.d.ts} +17 -21
package/dist/types/storage/memory.d.ts.map +1 -0
package/dist/types/storage/storage.d.ts +177 -0
package/dist/types/storage/storage.d.ts.map +1 -0
package/dist/{storage/turso.d.mts → types/storage/turso.d.ts} +4 -8
package/dist/types/storage/turso.d.ts.map +1 -0
package/dist/{storage/unstorage.d.mts → types/storage/unstorage.d.ts} +12 -11
package/dist/types/storage/unstorage.d.ts.map +1 -0
package/dist/types/subject.d.ts +115 -0
package/dist/types/subject.d.ts.map +1 -0
package/dist/types/themes/theme.d.ts +207 -0
package/dist/types/themes/theme.d.ts.map +1 -0
package/dist/types/toolkit/client.d.ts +235 -0
package/dist/types/toolkit/client.d.ts.map +1 -0
package/dist/types/toolkit/index.d.ts +45 -0
package/dist/types/toolkit/index.d.ts.map +1 -0
package/dist/types/toolkit/providers/facebook.d.ts +8 -0
package/dist/types/toolkit/providers/facebook.d.ts.map +1 -0
package/dist/types/toolkit/providers/github.d.ts +8 -0
package/dist/types/toolkit/providers/github.d.ts.map +1 -0
package/dist/types/toolkit/providers/google.d.ts +8 -0
package/dist/types/toolkit/providers/google.d.ts.map +1 -0
package/dist/types/toolkit/providers/strategy.d.ts +38 -0
package/dist/types/toolkit/providers/strategy.d.ts.map +1 -0
package/dist/{toolkit/storage.d.mts → types/toolkit/storage.d.ts} +37 -39
package/dist/types/toolkit/storage.d.ts.map +1 -0
package/dist/{toolkit/utils.d.mts → types/toolkit/utils.d.ts} +2 -4
package/dist/types/toolkit/utils.d.ts.map +1 -0
package/dist/types/types.d.ts +92 -0
package/dist/types/types.d.ts.map +1 -0
package/dist/types/ui/base.d.ts +18 -0
package/dist/types/ui/base.d.ts.map +1 -0
package/dist/types/ui/code.d.ts +43 -0
package/dist/types/ui/code.d.ts.map +1 -0
package/dist/types/ui/form.d.ts +24 -0
package/dist/types/ui/form.d.ts.map +1 -0
package/dist/types/ui/icon.d.ts +60 -0
package/dist/types/ui/icon.d.ts.map +1 -0
package/dist/types/ui/magiclink.d.ts +41 -0
package/dist/types/ui/magiclink.d.ts.map +1 -0
package/dist/types/ui/password.d.ts +43 -0
package/dist/types/ui/password.d.ts.map +1 -0
package/dist/types/ui/select.d.ts +33 -0
package/dist/types/ui/select.d.ts.map +1 -0
package/dist/{util.d.mts → types/util.d.ts} +11 -13
package/dist/types/util.d.ts.map +1 -0
package/package.json +10 -16
package/dist/adapters/node.d.mts +0 -18
package/dist/adapters/node.mjs +0 -69
package/dist/allow.mjs +0 -63
package/dist/client.d.mts +0 -456
package/dist/client.mjs +0 -283
package/dist/core.d.mts +0 -110
package/dist/core.mjs +0 -595
package/dist/error.mjs +0 -237
package/dist/index.d.mts +0 -2
package/dist/index.mjs +0 -3
package/dist/keys.mjs +0 -146
package/dist/mutex.d.mts +0 -44
package/dist/mutex.mjs +0 -110
package/dist/pkce.mjs +0 -157
package/dist/provider/apple.d.mts +0 -111
package/dist/provider/apple.mjs +0 -164
package/dist/provider/code.d.mts +0 -228
package/dist/provider/code.mjs +0 -246
package/dist/provider/discord.d.mts +0 -146
package/dist/provider/discord.mjs +0 -156
package/dist/provider/facebook.d.mts +0 -142
package/dist/provider/facebook.mjs +0 -150
package/dist/provider/github.d.mts +0 -140
package/dist/provider/github.mjs +0 -169
package/dist/provider/gitlab.d.mts +0 -106
package/dist/provider/gitlab.mjs +0 -147
package/dist/provider/google.d.mts +0 -112
package/dist/provider/google.mjs +0 -109
package/dist/provider/linkedin.d.mts +0 -132
package/dist/provider/linkedin.mjs +0 -142
package/dist/provider/magiclink.d.mts +0 -89
package/dist/provider/magiclink.mjs +0 -143
package/dist/provider/microsoft.d.mts +0 -178
package/dist/provider/microsoft.mjs +0 -177
package/dist/provider/oauth2.d.mts +0 -176
package/dist/provider/oauth2.mjs +0 -222
package/dist/provider/passkey.d.mts +0 -104
package/dist/provider/passkey.mjs +0 -320
package/dist/provider/password.d.mts +0 -412
package/dist/provider/password.mjs +0 -363
package/dist/provider/provider.d.mts +0 -227
package/dist/provider/provider.mjs +0 -44
package/dist/provider/reddit.d.mts +0 -107
package/dist/provider/reddit.mjs +0 -127
package/dist/provider/slack.d.mts +0 -114
package/dist/provider/slack.mjs +0 -138
package/dist/provider/spotify.d.mts +0 -113
package/dist/provider/spotify.mjs +0 -135
package/dist/provider/totp.d.mts +0 -112
package/dist/provider/totp.mjs +0 -191
package/dist/provider/twitch.d.mts +0 -108
package/dist/provider/twitch.mjs +0 -131
package/dist/provider/vercel.d.mts +0 -177
package/dist/provider/vercel.mjs +0 -230
package/dist/random.mjs +0 -86
package/dist/revocation.d.mts +0 -55
package/dist/revocation.mjs +0 -63
package/dist/router/context.d.mts +0 -21
package/dist/router/context.mjs +0 -193
package/dist/router/cookies.d.mts +0 -8
package/dist/router/cookies.mjs +0 -13
package/dist/router/index.d.mts +0 -21
package/dist/router/index.mjs +0 -107
package/dist/router/matcher.d.mts +0 -15
package/dist/router/matcher.mjs +0 -76
package/dist/router/middleware/cors.d.mts +0 -15
package/dist/router/middleware/cors.mjs +0 -114
package/dist/router/safe-request.d.mts +0 -52
package/dist/router/safe-request.mjs +0 -160
package/dist/router/types.d.mts +0 -67
package/dist/router/types.mjs +0 -1
package/dist/router/variables.d.mts +0 -12
package/dist/router/variables.mjs +0 -20
package/dist/storage/memory.mjs +0 -125
package/dist/storage/storage.d.mts +0 -179
package/dist/storage/storage.mjs +0 -104
package/dist/storage/turso.mjs +0 -117
package/dist/storage/unstorage.mjs +0 -103
package/dist/subject.d.mts +0 -62
package/dist/subject.mjs +0 -36
package/dist/themes/theme.d.mts +0 -209
package/dist/themes/theme.mjs +0 -120
package/dist/toolkit/client.d.mts +0 -169
package/dist/toolkit/client.mjs +0 -209
package/dist/toolkit/index.d.mts +0 -9
package/dist/toolkit/index.mjs +0 -9
package/dist/toolkit/providers/facebook.d.mts +0 -12
package/dist/toolkit/providers/facebook.mjs +0 -16
package/dist/toolkit/providers/github.d.mts +0 -12
package/dist/toolkit/providers/github.mjs +0 -16
package/dist/toolkit/providers/google.d.mts +0 -12
package/dist/toolkit/providers/google.mjs +0 -20
package/dist/toolkit/providers/strategy.d.mts +0 -40
package/dist/toolkit/providers/strategy.mjs +0 -1
package/dist/toolkit/storage.mjs +0 -157
package/dist/toolkit/utils.mjs +0 -30
package/dist/types.d.mts +0 -94
package/dist/types.mjs +0 -1
package/dist/ui/base.d.mts +0 -30
package/dist/ui/base.mjs +0 -407
package/dist/ui/code.d.mts +0 -43
package/dist/ui/code.mjs +0 -173
package/dist/ui/form.d.mts +0 -32
package/dist/ui/form.mjs +0 -49
package/dist/ui/icon.d.mts +0 -58
package/dist/ui/icon.mjs +0 -247
package/dist/ui/magiclink.d.mts +0 -41
package/dist/ui/magiclink.mjs +0 -152
package/dist/ui/passkey.d.mts +0 -27
package/dist/ui/passkey.mjs +0 -323
package/dist/ui/password.d.mts +0 -42
package/dist/ui/password.mjs +0 -402
package/dist/ui/select.d.mts +0 -34
package/dist/ui/select.mjs +0 -98
package/dist/ui/totp.d.mts +0 -34
package/dist/ui/totp.mjs +0 -270
package/dist/util.mjs +0 -128

package/dist/{error.d.mts → types/error.d.ts} RENAMED Viewed

@@ -1,4 +1,3 @@
-//#region src/error.d.ts
 /**
  * Error classes and types for Draft Auth operations.
  * Provides comprehensive error handling for OAuth 2.0 and authentication flows.
@@ -38,93 +37,93 @@
  * Standard OAuth error types
  * These error codes are returned by OAuth authorization servers.
  */
-type OauthErrorType = "invalid_request" | "invalid_client" | "invalid_grant" | "invalid_token" | "invalid_redirect_uri" | "insufficient_scope" | "unauthorized_client" | "access_denied" | "unsupported_grant_type" | "server_error" | "temporarily_unavailable" | "unsupported_response_type";
+export type OauthErrorType = "invalid_request" | "invalid_client" | "invalid_grant" | "invalid_token" | "invalid_redirect_uri" | "insufficient_scope" | "unauthorized_client" | "access_denied" | "unsupported_grant_type" | "server_error" | "temporarily_unavailable" | "unsupported_response_type";
 /**
  * Base OAuth error class for handling standard OAuth error responses.
  * Contains both the error code and human-readable description.
  */
-declare class OauthError extends Error {
-  /** The OAuth error code as defined in the specification */
-  readonly error: OauthErrorType;
-  /** Human-readable description of the error */
-  readonly description: string;
-  /**
-   * Creates a new OAuth error with the specified error code and description.
-   *
-   * @param error - The OAuth error type
-   * @param description - Human-readable error description
-   *
-   * @example
-   * ```ts
-   * throw new OauthError("invalid_grant", "Authorization code has expired")
-   * ```
-   */
-  constructor(error: OauthErrorType, description: string);
-  /**
-   * Converts the error to a standard OAuth JSON response format.
-   *
-   * @returns Object with error and error_description fields
-   *
-   * @example
-   * ```ts
-   * const oauthError = new OauthError("invalid_request", "Missing parameter")
-   * return c.json(oauthError.toJSON(), 400)
-   * ```
-   */
-  toJSON(): {
-    error: OauthErrorType;
-    error_description: string;
-  };
+export declare class OauthError extends Error {
+    /** The OAuth error code as defined in the specification */
+    readonly error: OauthErrorType;
+    /** Human-readable description of the error */
+    readonly description: string;
+    /**
+     * Creates a new OAuth error with the specified error code and description.
+     *
+     * @param error - The OAuth error type
+     * @param description - Human-readable error description
+     *
+     * @example
+     * ```ts
+     * throw new OauthError("invalid_grant", "Authorization code has expired")
+     * ```
+     */
+    constructor(error: OauthErrorType, description: string);
+    /**
+     * Converts the error to a standard OAuth JSON response format.
+     *
+     * @returns Object with error and error_description fields
+     *
+     * @example
+     * ```ts
+     * const oauthError = new OauthError("invalid_request", "Missing parameter")
+     * return c.json(oauthError.toJSON(), 400)
+     * ```
+     */
+    toJSON(): {
+        error: OauthErrorType;
+        error_description: string;
+    };
 }
 /**
  * Error thrown when a provider parameter is missing from the authorization request.
  * Occurs when multiple providers are configured but no specific provider is selected.
  */
-declare class MissingProviderError extends OauthError {
-  /**
-   * Creates a missing provider error.
-   * Thrown when the provider query parameter is required but not provided.
-   */
-  constructor();
+export declare class MissingProviderError extends OauthError {
+    /**
+     * Creates a missing provider error.
+     * Thrown when the provider query parameter is required but not provided.
+     */
+    constructor();
 }
 /**
  * Error thrown when a required parameter is missing from a request.
  * Used for validating OAuth request parameters.
  */
-declare class MissingParameterError extends OauthError {
-  /** The name of the missing parameter */
-  readonly parameter: string;
-  /**
-   * Creates a missing parameter error.
-   *
-   * @param parameter - The name of the missing parameter
-   *
-   * @example
-   * ```ts
-   * throw new MissingParameterError("client_id")
-   * ```
-   */
-  constructor(parameter: string);
+export declare class MissingParameterError extends OauthError {
+    /** The name of the missing parameter */
+    readonly parameter: string;
+    /**
+     * Creates a missing parameter error.
+     *
+     * @param parameter - The name of the missing parameter
+     *
+     * @example
+     * ```ts
+     * throw new MissingParameterError("client_id")
+     * ```
+     */
+    constructor(parameter: string);
 }
 /**
  * Error thrown when a client is not authorized to use a specific redirect URI.
  * Prevents unauthorized clients from hijacking authorization codes.
  */
-declare class UnauthorizedClientError extends OauthError {
-  /** The client ID that attempted unauthorized access */
-  readonly clientID: string;
-  /**
-   * Creates an unauthorized client error.
-   *
-   * @param clientID - The client ID attempting unauthorized access
-   * @param redirectURI - The unauthorized redirect URI
-   *
-   * @example
-   * ```ts
-   * throw new UnauthorizedClientError("malicious-client", "https://evil.com/callback")
-   * ```
-   */
-  constructor(clientID: string, redirectURI: string);
+export declare class UnauthorizedClientError extends OauthError {
+    /** The client ID that attempted unauthorized access */
+    readonly clientID: string;
+    /**
+     * Creates an unauthorized client error.
+     *
+     * @param clientID - The client ID attempting unauthorized access
+     * @param redirectURI - The unauthorized redirect URI
+     *
+     * @example
+     * ```ts
+     * throw new UnauthorizedClientError("malicious-client", "https://evil.com/callback")
+     * ```
+     */
+    constructor(clientID: string, redirectURI: string);
 }
 /**
  * Error thrown when the authentication flow is in an unknown or invalid state.
@@ -144,12 +143,12 @@ declare class UnauthorizedClientError extends OauthError {
  * }
  * ```
  */
-declare class UnknownStateError extends Error {
-  /**
-   * Creates an unknown state error.
-   * Indicates that the authentication flow cannot continue due to missing state.
-   */
-  constructor();
+export declare class UnknownStateError extends Error {
+    /**
+     * Creates an unknown state error.
+     * Indicates that the authentication flow cannot continue due to missing state.
+     */
+    constructor();
 }
 /**
  * Error thrown when a subject (user identifier) is invalid or malformed.
@@ -164,11 +163,11 @@ declare class UnknownStateError extends Error {
  * }
  * ```
  */
-declare class InvalidSubjectError extends Error {
-  /**
-   * Creates an invalid subject error.
-   */
-  constructor();
+export declare class InvalidSubjectError extends Error {
+    /**
+     * Creates an invalid subject error.
+     */
+    constructor();
 }
 /**
  * Error thrown when a refresh token is invalid, expired, or revoked.
@@ -187,11 +186,11 @@ declare class InvalidSubjectError extends Error {
  * }
  * ```
  */
-declare class InvalidRefreshTokenError extends Error {
-  /**
-   * Creates an invalid refresh token error.
-   */
-  constructor();
+export declare class InvalidRefreshTokenError extends Error {
+    /**
+     * Creates an invalid refresh token error.
+     */
+    constructor();
 }
 /**
  * Error thrown when an access token is invalid, expired, or malformed.
@@ -210,11 +209,11 @@ declare class InvalidRefreshTokenError extends Error {
  * }
  * ```
  */
-declare class InvalidAccessTokenError extends Error {
-  /**
-   * Creates an invalid access token error.
-   */
-  constructor();
+export declare class InvalidAccessTokenError extends Error {
+    /**
+     * Creates an invalid access token error.
+     */
+    constructor();
 }
 /**
  * Error thrown when an authorization code is invalid, expired, or already used.
@@ -233,11 +232,10 @@ declare class InvalidAccessTokenError extends Error {
  * }
  * ```
  */
-declare class InvalidAuthorizationCodeError extends Error {
-  /**
-   * Creates an invalid authorization code error.
-   */
-  constructor();
+export declare class InvalidAuthorizationCodeError extends Error {
+    /**
+     * Creates an invalid authorization code error.
+     */
+    constructor();
 }
-//#endregion
-export { InvalidAccessTokenError, InvalidAuthorizationCodeError, InvalidRefreshTokenError, InvalidSubjectError, MissingParameterError, MissingProviderError, OauthError, OauthErrorType, UnauthorizedClientError, UnknownStateError };
+//# sourceMappingURL=error.d.ts.map

package/dist/types/error.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"error.d.ts","sourceRoot":"","sources":["../../src/error.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAEH;;;GAGG;AACH,MAAM,MAAM,cAAc,GACvB,iBAAiB,GACjB,gBAAgB,GAChB,eAAe,GACf,eAAe,GACf,sBAAsB,GACtB,oBAAoB,GACpB,qBAAqB,GACrB,eAAe,GACf,wBAAwB,GACxB,cAAc,GACd,yBAAyB,GACzB,2BAA2B,CAAA;AAE9B;;;GAGG;AACH,qBAAa,UAAW,SAAQ,KAAK;IACpC,2DAA2D;IAC3D,SAAgB,KAAK,EAAE,cAAc,CAAA;IACrC,8CAA8C;IAC9C,SAAgB,WAAW,EAAE,MAAM,CAAA;IAEnC;;;;;;;;;;OAUG;gBACS,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM;IAOtD;;;;;;;;;;OAUG;IACH,MAAM;;;;CAMN;AAED;;;GAGG;AACH,qBAAa,oBAAqB,SAAQ,UAAU;IACnD;;;OAGG;;CAQH;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,UAAU;IACpD,wCAAwC;IACxC,SAAgB,SAAS,EAAE,MAAM,CAAA;IAEjC;;;;;;;;;OASG;gBACS,SAAS,EAAE,MAAM;CAK7B;AAED;;;GAGG;AACH,qBAAa,uBAAwB,SAAQ,UAAU;IACtD,uDAAuD;IACvD,SAAgB,QAAQ,EAAE,MAAM,CAAA;IAEhC;;;;;;;;;;OAUG;gBACS,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM;CAQjD;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,qBAAa,iBAAkB,SAAQ,KAAK;IAC3C;;;OAGG;;CAOH;AAED;;;;;;;;;;;;GAYG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;IAC7C;;OAEG;;CAKH;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,wBAAyB,SAAQ,KAAK;IAClD;;OAEG;;CAKH;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,uBAAwB,SAAQ,KAAK;IACjD;;OAEG;;CAKH;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,6BAA8B,SAAQ,KAAK;IACvD;;OAEG;;CAKH"}

package/dist/types/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { issuer } from "./core";
2	+ //# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA"}

package/dist/{keys.d.mts → types/keys.d.ts} RENAMED Viewed

@@ -1,27 +1,24 @@
-import { StorageAdapter } from "./storage/storage.mjs";
-import { CryptoKey, JWK } from "jose";
-//#region src/keys.d.ts
+import { type CryptoKey, type JWK } from "jose";
+import { type StorageAdapter } from "./storage/storage";
 /**
  * Runtime key pair with loaded cryptographic keys and metadata.
  * Ready for immediate use in signing and encryption operations.
  */
-interface KeyPair {
-  /** Unique identifier for the key pair */
-  readonly id: string;
-  /** Algorithm used for this key pair */
-  readonly alg: string;
-  /** Loaded public key for verification/encryption */
-  readonly public: CryptoKey;
-  /** Loaded private key for signing/decryption */
-  readonly private: CryptoKey;
-  /** Date when the key was created */
-  readonly created: Date;
-  /** Optional expiration date */
-  readonly expired?: Date;
-  /** JSON Web Key representation for JWKS endpoints */
-  readonly jwk: JWK;
+export interface KeyPair {
+    /** Unique identifier for the key pair */
+    readonly id: string;
+    /** Algorithm used for this key pair */
+    readonly alg: string;
+    /** Loaded public key for verification/encryption */
+    readonly public: CryptoKey;
+    /** Loaded private key for signing/decryption */
+    readonly private: CryptoKey;
+    /** Date when the key was created */
+    readonly created: Date;
+    /** Optional expiration date */
+    readonly expired?: Date;
+    /** JSON Web Key representation for JWKS endpoints */
+    readonly jwk: JWK;
 }
 /**
  * Loads or generates signing keys for JWT operations.
@@ -42,7 +39,7 @@ interface KeyPair {
  *   .sign(currentKey.private)
  * ```
  */
-declare const signingKeys: (storage: StorageAdapter) => Promise<KeyPair[]>;
+export declare const signingKeys: (storage: StorageAdapter) => Promise<KeyPair[]>;
 /**
  * Loads or generates encryption keys for token encryption operations.
  * Returns existing valid keys, or generates new ones if none are available.
@@ -62,6 +59,5 @@ declare const signingKeys: (storage: StorageAdapter) => Promise<KeyPair[]>;
  *   .encrypt(currentKey.public)
  * ```
  */
-declare const encryptionKeys: (storage: StorageAdapter) => Promise<KeyPair[]>;
-//#endregion
-export { KeyPair, encryptionKeys, signingKeys };
+export declare const encryptionKeys: (storage: StorageAdapter) => Promise<KeyPair[]>;
+//# sourceMappingURL=keys.d.ts.map

package/dist/types/keys.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"keys.d.ts","sourceRoot":"","sources":["../../src/keys.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,KAAK,SAAS,EAOd,KAAK,GAAG,EACR,MAAM,MAAM,CAAA;AAGb,OAAO,EAAW,KAAK,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAoChE;;;GAGG;AACH,MAAM,WAAW,OAAO;IACvB,yCAAyC;IACzC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;IACnB,uCAAuC;IACvC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,oDAAoD;IACpD,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAA;IAC1B,gDAAgD;IAChD,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAA;IAC3B,oCAAoC;IACpC,QAAQ,CAAC,OAAO,EAAE,IAAI,CAAA;IACtB,+BAA+B;IAC/B,QAAQ,CAAC,OAAO,CAAC,EAAE,IAAI,CAAA;IACvB,qDAAqD;IACrD,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAA;CACjB;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,WAAW,GAAU,SAAS,cAAc,KAAG,OAAO,CAAC,OAAO,EAAE,CAmE5E,CAAA;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,cAAc,GAAU,SAAS,cAAc,KAAG,OAAO,CAAC,OAAO,EAAE,CAiE/E,CAAA"}

package/dist/types/mutex.d.ts ADDED Viewed

@@ -0,0 +1,42 @@
+/**
+ * A Mutex (mutual exclusion lock) for async functions.
+ * It allows only one async task to access a critical section at a time.
+ *
+ * @example
+ * const mutex = new Mutex();
+ *
+ * async function criticalSection() {
+ *   await mutex.acquire();
+ *   try {
+ *     // This code section cannot be executed simultaneously
+ *   } finally {
+ *     mutex.release();
+ *   }
+ * }
+ */
+export declare class Mutex {
+    private semaphore;
+    /**
+     * Checks if the mutex is currently locked.
+     * @returns True if the mutex is locked, false otherwise.
+     */
+    get isLocked(): boolean;
+    /**
+     * Acquires the mutex, blocking if necessary until it is available.
+     * @returns A promise that resolves when the mutex is acquired.
+     */
+    acquire(): Promise<void>;
+    /**
+     * Releases the mutex, allowing another waiting task to proceed.
+     */
+    release(): void;
+    /**
+     * Runs a function while holding the mutex lock.
+     * Automatically acquires before and releases after the function execution.
+     *
+     * @param fn - The function to execute while holding the lock
+     * @returns The result of the function
+     */
+    runExclusive<T>(fn: () => Promise<T>): Promise<T>;
+}
+//# sourceMappingURL=mutex.d.ts.map

package/dist/types/mutex.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"mutex.d.ts","sourceRoot":"","sources":["../../src/mutex.ts"],"names":[],"mappings":"AA8DA;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,KAAK;IACjB,OAAO,CAAC,SAAS,CAAmB;IAEpC;;;OAGG;IACH,IAAI,QAAQ,IAAI,OAAO,CAEtB;IAED;;;OAGG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAI9B;;OAEG;IACH,OAAO,IAAI,IAAI;IAIf;;;;;;OAMG;IACG,YAAY,CAAC,CAAC,EAAE,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;CAQvD"}

package/dist/{pkce.d.mts → types/pkce.d.ts} RENAMED Viewed

@@ -1,4 +1,3 @@
-//#region src/pkce.d.ts
 /**
  * PKCE (Proof Key for Code Exchange) implementation for OAuth security.
  * Provides protection against authorization code interception attacks by using
@@ -12,12 +11,12 @@ type PKCEMethod = "S256" | "plain";
  * Complete PKCE challenge data containing verifier, challenge, and method.
  */
 interface PKCEChallenge {
-  /** The code verifier to be sent to the token endpoint */
-  readonly verifier: string;
-  /** The code challenge to be sent to the authorization endpoint */
-  readonly challenge: string;
-  /** The challenge method used */
-  readonly method: "S256";
+    /** The code verifier to be sent to the token endpoint */
+    readonly verifier: string;
+    /** The code challenge to be sent to the authorization endpoint */
+    readonly challenge: string;
+    /** The challenge method used */
+    readonly method: "S256";
 }
 /**
  * Generates a complete PKCE challenge for OAuth authorization requests.
@@ -41,7 +40,7 @@ interface PKCEChallenge {
  *
  * @throws {RangeError} If length is outside valid range or generated verifier doesn't meet requirements
  */
-declare const generatePKCE: (length?: number) => Promise<PKCEChallenge>;
+export declare const generatePKCE: (length?: number) => Promise<PKCEChallenge>;
 /**
  * Validates a PKCE code verifier against a previously generated challenge.
  * Uses timing-safe comparison and timing normalization to prevent timing attacks.
@@ -67,6 +66,6 @@ declare const generatePKCE: (length?: number) => Promise<PKCEChallenge>;
  * }
  * ```
  */
-declare const validatePKCE: (verifier: string, challenge: string, method?: PKCEMethod) => Promise<boolean>;
-//#endregion
-export { generatePKCE, validatePKCE };
+export declare const validatePKCE: (verifier: string, challenge: string, method?: PKCEMethod) => Promise<boolean>;
+export {};
+//# sourceMappingURL=pkce.d.ts.map

package/dist/types/pkce.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../../src/pkce.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AAEH;;GAEG;AACH,KAAK,UAAU,GAAG,MAAM,GAAG,OAAO,CAAA;AA0DlC;;GAEG;AACH,UAAU,aAAa;IACtB,yDAAyD;IACzD,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,kEAAkE;IAClE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,gCAAgC;IAChC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;CACvB;AAmCD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,YAAY,GAAU,eAAW,KAAG,OAAO,CAAC,aAAa,CA0BrE,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,eAAO,MAAM,YAAY,GACxB,UAAU,MAAM,EAChB,WAAW,MAAM,EACjB,SAAQ,UAAmB,KACzB,OAAO,CAAC,OAAO,CAqDjB,CAAA"}

package/dist/types/provider/apple.d.ts ADDED Viewed

@@ -0,0 +1,197 @@
+/**
+ * Apple authentication provider for Draft Auth.
+ * Implements OAuth 2.0 flow for authenticating users with their Apple accounts.
+ *
+ * ## Quick Setup
+ *
+ * ```ts
+ * import { AppleProvider } from "@draftlab/auth/provider/apple"
+ *
+ * export default issuer({
+ *   basePath: "/auth", // Important for callback URL
+ *   providers: {
+ *     apple: AppleProvider({
+ *       clientID: process.env.APPLE_CLIENT_ID,
+ *       clientSecret: process.env.APPLE_CLIENT_SECRET,
+ *       scopes: ["name", "email"]
+ *     })
+ *   }
+ * })
+ * ```
+ *
+ * **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
+ * - Development: `http://localhost:3000/auth/apple/callback`
+ * - Production: `https://yourapp.com/auth/apple/callback`
+ *
+ * Register this URL in your Apple Developer Portal.
+ *
+ * ## Setup Instructions
+ *
+ * ### 1. Create App ID
+ * - Go to [Apple Developer](https://developer.apple.com)
+ * - Create a new App ID with "Sign in with Apple" capability
+ *
+ * ### 2. Create Service ID
+ * - Create a new Service ID (this is your clientID)
+ * - Configure "Sign in with Apple"
+ * - Add your redirect URI
+ *
+ * ### 3. Create Private Key
+ * - Create a private key for "Sign in with Apple"
+ * - Download the .p8 file (this is used to create your clientSecret)
+ *
+ * ## Client Secret Generation
+ *
+ * Apple requires a JWT token as the client secret. You'll need:
+ * - Key ID from the private key
+ * - Team ID from your Apple Developer account
+ * - Private key (.p8 file)
+ *
+ * Use a library to generate the JWT (valid for ~15 minutes):
+ *
+ * ```ts
+ * import { SignJWT } from "jose"
+ *
+ * const secret = await new SignJWT({
+ *   iss: "YOUR_TEAM_ID",
+ *   aud: "https://appleid.apple.com",
+ *   sub: process.env.APPLE_CLIENT_ID,
+ *   iat: Math.floor(Date.now() / 1000),
+ *   exp: Math.floor(Date.now() / 1000) + 15 * 60
+ * })
+ *   .setProtectedHeader({ alg: "ES256", kid: "YOUR_KEY_ID" })
+ *   .sign(privateKey)
+ * ```
+ *
+ * ## Common Scopes
+ *
+ * - `name` - Access user's name (first and last name)
+ * - `email` - Access user's email address
+ *
+ * Note: Apple only returns user data on the first authorization. Subsequent authorizations won't include name/email.
+ *
+ * ## User Data Access
+ *
+ * ```ts
+ * success: async (ctx, value) => {
+ *   if (value.provider === "apple") {
+ *     const accessToken = value.tokenset.access
+ *
+ *     // Apple doesn't provide a userinfo endpoint
+ *     // User data is returned in the authorization response
+ *     // You need to parse the id_token JWT to get user info
+ *
+ *     // For subsequent logins without name/email, use the subject (user_id)
+ *     // from the ID token to identify the user
+ *   }
+ * }
+ * ```
+ *
+ * @packageDocumentation
+ */
+import { type Oauth2WrappedConfig } from "./oauth2";
+/**
+ * Configuration options for Apple OAuth 2.0 provider.
+ * Extends the base OAuth 2.0 configuration with Apple-specific documentation.
+ */
+export interface AppleConfig extends Oauth2WrappedConfig {
+    /**
+     * Apple Service ID (app identifier for your Sign in with Apple implementation).
+     * Get this from your Apple Developer account when creating a Service ID.
+     *
+     * @example
+     * ```ts
+     * {
+     *   clientID: "com.example.app.signin"
+     * }
+     * ```
+     */
+    readonly clientID: string;
+    /**
+     * Apple client secret (JWT token signed with your private key).
+     * This is different from other providers - Apple requires a JWT token
+     * generated from your private key.
+     *
+     * @example
+     * ```ts
+     * {
+     *   clientSecret: process.env.APPLE_CLIENT_SECRET
+     * }
+     * ```
+     */
+    readonly clientSecret: string;
+    /**
+     * Apple OAuth scopes to request access for.
+     * Apple only supports "name" and "email" scopes.
+     *
+     * Important: Apple only provides user data (name, email) on the FIRST authorization.
+     * Subsequent authorizations won't include this data.
+     *
+     * @example
+     * ```ts
+     * {
+     *   scopes: ["name", "email"]
+     * }
+     * ```
+     */
+    readonly scopes: string[];
+}
+/**
+ * Creates an Apple OAuth 2.0 authentication provider.
+ * Allows users to authenticate using their Apple accounts.
+ *
+ * @param config - Apple OAuth 2.0 configuration
+ * @returns OAuth 2.0 provider configured for Apple
+ *
+ * @example
+ * ```ts
+ * // Basic Apple authentication
+ * const basicApple = AppleProvider({
+ *   clientID: process.env.APPLE_CLIENT_ID,
+ *   clientSecret: process.env.APPLE_CLIENT_SECRET
+ * })
+ *
+ * // Apple with name and email scopes
+ * const appleWithScopes = AppleProvider({
+ *   clientID: process.env.APPLE_CLIENT_ID,
+ *   clientSecret: process.env.APPLE_CLIENT_SECRET,
+ *   scopes: ["name", "email"]
+ * })
+ *
+ * // Using the tokens and id_token
+ * export default issuer({
+ *   providers: { apple: appleWithScopes },
+ *   success: async (ctx, value) => {
+ *     if (value.provider === "apple") {
+ *       // Apple returns user data in the initial authorization response
+ *       // You need to decode the id_token to extract user information
+ *
+ *       // The id_token contains:
+ *       // - sub: unique Apple user identifier
+ *       // - email: user email (only on first authorization)
+ *       // - email_verified: whether email is verified
+ *       // - is_private_email: whether user used private relay
+ *
+ *       // Decode and verify the id_token using jose:
+ *       // const verified = await jwtVerify(value.tokenset.id, jwks)
+ *       // const user = verified.payload
+ *
+ *       return ctx.subject("user", {
+ *         appleId: user.sub,
+ *         email: user.email,
+ *         emailVerified: user.email_verified,
+ *         isPrivateEmail: user.is_private_email
+ *       })
+ *     }
+ *   }
+ * })
+ * ```
+ *
+ * **Callback URL Pattern**: `{baseURL}{basePath}/{provider}/callback`
+ * - Development: `http://localhost:3000/auth/apple/callback`
+ * - Production: `https://yourapp.com/auth/apple/callback`
+ *
+ * Register this URL in your Apple Developer Portal.
+ */
+export declare const AppleProvider: (config: AppleConfig) => import("./provider").Provider<import("./oauth2").Oauth2UserData>;
+//# sourceMappingURL=apple.d.ts.map

package/dist/types/provider/apple.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"apple.d.ts","sourceRoot":"","sources":["../../../src/provider/apple.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0FG;AAEH,OAAO,EAAkB,KAAK,mBAAmB,EAAE,MAAM,UAAU,CAAA;AAEnE;;;GAGG;AACH,MAAM,WAAW,WAAY,SAAQ,mBAAmB;IACvD;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IAEzB;;;;;;;;;;;OAWG;IACH,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAE7B;;;;;;;;;;;;;OAaG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CACzB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwDG;AACH,eAAO,MAAM,aAAa,GAAI,QAAQ,WAAW,qEAShD,CAAA"}